commit 292408877b82dc0a9be1bd9a0c9f025db1657c67 · kitten.sh/system

+176

flake.lock

···

       277
       277
        
               "type": "github"

     

       278
       278
        
             }

     

       279
       279
        
           },

     

       280
       280
       +
           "flake-utils_2": {

     

       281
       281
       +
             "inputs": {

     

       282
       282
       +
               "systems": "systems_3"

     

       283
       283
       +
             },

     

       284
       284
       +
             "locked": {

     

       285
       285
       +
               "lastModified": 1694529238,

     

       286
       286
       +
               "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",

     

       287
       287
       +
               "owner": "numtide",

     

       288
       288
       +
               "repo": "flake-utils",

     

       289
       289
       +
               "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",

     

       290
       290
       +
               "type": "github"

     

       291
       291
       +
             },

     

       292
       292
       +
             "original": {

     

       293
       293
       +
               "owner": "numtide",

     

       294
       294
       +
               "repo": "flake-utils",

     

       295
       295
       +
               "type": "github"

     

       296
       296
       +
             }

     

       297
       297
       +
           },

     

       280
       298
        
           "gitignore": {

     

       281
       299
        
             "inputs": {

     

       282
       300
        
               "nixpkgs": [

     
···

       315
       333
        
               "type": "github"

     

       316
       334
        
             }

     

       317
       335
        
           },

     

       336
       336
       +
           "gomod2nix": {

     

       337
       337
       +
             "inputs": {

     

       338
       338
       +
               "flake-utils": "flake-utils_2",

     

       339
       339
       +
               "nixpkgs": [

     

       340
       340
       +
                 "tangled",

     

       341
       341
       +
                 "nixpkgs"

     

       342
       342
       +
               ]

     

       343
       343
       +
             },

     

       344
       344
       +
             "locked": {

     

       345
       345
       +
               "lastModified": 1754078208,

     

       346
       346
       +
               "narHash": "sha256-YVoIFDCDpYuU3riaDEJ3xiGdPOtsx4sR5eTzHTytPV8=",

     

       347
       347
       +
               "owner": "nix-community",

     

       348
       348
       +
               "repo": "gomod2nix",

     

       349
       349
       +
               "rev": "7f963246a71626c7fc70b431a315c4388a0c95cf",

     

       350
       350
       +
               "type": "github"

     

       351
       351
       +
             },

     

       352
       352
       +
             "original": {

     

       353
       353
       +
               "owner": "nix-community",

     

       354
       354
       +
               "repo": "gomod2nix",

     

       355
       355
       +
               "type": "github"

     

       356
       356
       +
             }

     

       357
       357
       +
           },

     

       318
       358
        
           "hardline-nvim": {

     

       319
       359
        
             "flake": false,

     

       320
       360
        
             "locked": {

     
···

       352
       392
        
               "type": "github"

     

       353
       393
        
             }

     

       354
       394
        
           },

     

       395
       395
       +
           "htmx-src": {

     

       396
       396
       +
             "flake": false,

     

       397
       397
       +
             "locked": {

     

       398
       398
       +
               "narHash": "sha256-nm6avZuEBg67SSyyZUhjpXVNstHHgUxrtBHqJgowU08=",

     

       399
       399
       +
               "type": "file",

     

       400
       400
       +
               "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"

     

       401
       401
       +
             },

     

       402
       402
       +
             "original": {

     

       403
       403
       +
               "type": "file",

     

       404
       404
       +
               "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js"

     

       405
       405
       +
             }

     

       406
       406
       +
           },

     

       407
       407
       +
           "htmx-ws-src": {

     

       408
       408
       +
             "flake": false,

     

       409
       409
       +
             "locked": {

     

       410
       410
       +
               "narHash": "sha256-2fg6KyEJoO24q0fQqbz9RMaYNPQrMwpZh29tkSqdqGY=",

     

       411
       411
       +
               "type": "file",

     

       412
       412
       +
               "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2"

     

       413
       413
       +
             },

     

       414
       414
       +
             "original": {

     

       415
       415
       +
               "type": "file",

     

       416
       416
       +
               "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2"

     

       417
       417
       +
             }

     

       418
       418
       +
           },

     

       419
       419
       +
           "ibm-plex-mono-src": {

     

       420
       420
       +
             "flake": false,

     

       421
       421
       +
             "locked": {

     

       422
       422
       +
               "lastModified": 1731402384,

     

       423
       423
       +
               "narHash": "sha256-OwUmrPfEehLDz0fl2ChYLK8FQM2p0G1+EMrGsYEq+6g=",

     

       424
       424
       +
               "type": "tarball",

     

       425
       425
       +
               "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip"

     

       426
       426
       +
             },

     

       427
       427
       +
             "original": {

     

       428
       428
       +
               "type": "tarball",

     

       429
       429
       +
               "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip"

     

       430
       430
       +
             }

     

       431
       431
       +
           },

     

       432
       432
       +
           "indigo": {

     

       433
       433
       +
             "flake": false,

     

       434
       434
       +
             "locked": {

     

       435
       435
       +
               "lastModified": 1753693716,

     

       436
       436
       +
               "narHash": "sha256-DMIKnCJRODQXEHUxA+7mLzRALmnZhkkbHlFT2rCQYrE=",

     

       437
       437
       +
               "owner": "oppiliappan",

     

       438
       438
       +
               "repo": "indigo",

     

       439
       439
       +
               "rev": "5f170569da9360f57add450a278d73538092d8ca",

     

       440
       440
       +
               "type": "github"

     

       441
       441
       +
             },

     

       442
       442
       +
             "original": {

     

       443
       443
       +
               "owner": "oppiliappan",

     

       444
       444
       +
               "repo": "indigo",

     

       445
       445
       +
               "type": "github"

     

       446
       446
       +
             }

     

       447
       447
       +
           },

     

       448
       448
       +
           "inter-fonts-src": {

     

       449
       449
       +
             "flake": false,

     

       450
       450
       +
             "locked": {

     

       451
       451
       +
               "lastModified": 1731687360,

     

       452
       452
       +
               "narHash": "sha256-5vdKKvHAeZi6igrfpbOdhZlDX2/5+UvzlnCQV6DdqoQ=",

     

       453
       453
       +
               "type": "tarball",

     

       454
       454
       +
               "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip"

     

       455
       455
       +
             },

     

       456
       456
       +
             "original": {

     

       457
       457
       +
               "type": "tarball",

     

       458
       458
       +
               "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip"

     

       459
       459
       +
             }

     

       460
       460
       +
           },

     

       355
       461
        
           "language-servers": {

     

       356
       462
        
             "inputs": {

     

       357
       463
        
               "flake-utils": [

     
···

       431
       537
        
               "owner": "onsails",

     

       432
       538
        
               "repo": "lspkind-nvim",

     

       433
       539
        
               "type": "github"

     

       540
       540
       +
             }

     

       541
       541
       +
           },

     

       542
       542
       +
           "lucide-src": {

     

       543
       543
       +
             "flake": false,

     

       544
       544
       +
             "locked": {

     

       545
       545
       +
               "lastModified": 1754044466,

     

       546
       546
       +
               "narHash": "sha256-+exBR2OToB1iv7ZQI2S4B0lXA/QRvC9n6U99UxGpJGs=",

     

       547
       547
       +
               "type": "tarball",

     

       548
       548
       +
               "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip"

     

       549
       549
       +
             },

     

       550
       550
       +
             "original": {

     

       551
       551
       +
               "type": "tarball",

     

       552
       552
       +
               "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip"

     

       434
       553
        
             }

     

       435
       554
        
           },

     

       436
       555
        
           "mini-nvim": {

     
···

       797
       916
        
               "nixpkgs": "nixpkgs",

     

       798
       917
        
               "nvim-plugins": "nvim-plugins",

     

       799
       918
        
               "system-shell": "system-shell",

     

       919
       919
       +
               "tangled": "tangled",

     

       800
       920
        
               "yeetmouse": "yeetmouse",

     

       801
       921
        
               "zen-browser": "zen-browser"

     

       802
       922
        
             }

     
···

       820
       940
        
               "owner": "oxalica",

     

       821
       941
        
               "repo": "rust-overlay",

     

       822
       942
        
               "type": "github"

     

       943
       943
       +
             }

     

       944
       944
       +
           },

     

       945
       945
       +
           "sqlite-lib-src": {

     

       946
       946
       +
             "flake": false,

     

       947
       947
       +
             "locked": {

     

       948
       948
       +
               "lastModified": 1706631843,

     

       949
       949
       +
               "narHash": "sha256-bJoMjirsBjm2Qk9KPiy3yV3+8b/POlYe76/FQbciHro=",

     

       950
       950
       +
               "type": "tarball",

     

       951
       951
       +
               "url": "https://sqlite.org/2024/sqlite-amalgamation-3450100.zip"

     

       952
       952
       +
             },

     

       953
       953
       +
             "original": {

     

       954
       954
       +
               "type": "tarball",

     

       955
       955
       +
               "url": "https://sqlite.org/2024/sqlite-amalgamation-3450100.zip"

     

       823
       956
        
             }

     

       824
       957
        
           },

     

       825
       958
        
           "system-shell": {

     
···

       874
       1007
        
               "owner": "nix-systems",

     

       875
       1008
        
               "repo": "default",

     

       876
       1009
        
               "type": "github"

     

       1010
       1010
       +
             }

     

       1011
       1011
       +
           },

     

       1012
       1012
       +
           "systems_3": {

     

       1013
       1013
       +
             "locked": {

     

       1014
       1014
       +
               "lastModified": 1681028828,

     

       1015
       1015
       +
               "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",

     

       1016
       1016
       +
               "owner": "nix-systems",

     

       1017
       1017
       +
               "repo": "default",

     

       1018
       1018
       +
               "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",

     

       1019
       1019
       +
               "type": "github"

     

       1020
       1020
       +
             },

     

       1021
       1021
       +
             "original": {

     

       1022
       1022
       +
               "owner": "nix-systems",

     

       1023
       1023
       +
               "repo": "default",

     

       1024
       1024
       +
               "type": "github"

     

       1025
       1025
       +
             }

     

       1026
       1026
       +
           },

     

       1027
       1027
       +
           "tangled": {

     

       1028
       1028
       +
             "inputs": {

     

       1029
       1029
       +
               "gomod2nix": "gomod2nix",

     

       1030
       1030
       +
               "htmx-src": "htmx-src",

     

       1031
       1031
       +
               "htmx-ws-src": "htmx-ws-src",

     

       1032
       1032
       +
               "ibm-plex-mono-src": "ibm-plex-mono-src",

     

       1033
       1033
       +
               "indigo": "indigo",

     

       1034
       1034
       +
               "inter-fonts-src": "inter-fonts-src",

     

       1035
       1035
       +
               "lucide-src": "lucide-src",

     

       1036
       1036
       +
               "nixpkgs": [

     

       1037
       1037
       +
                 "nixpkgs"

     

       1038
       1038
       +
               ],

     

       1039
       1039
       +
               "sqlite-lib-src": "sqlite-lib-src"

     

       1040
       1040
       +
             },

     

       1041
       1041
       +
             "locked": {

     

       1042
       1042
       +
               "lastModified": 1755122974,

     

       1043
       1043
       +
               "narHash": "sha256-QVBmpoPzw9F3RbwlzptiiM4vOKSOwZ/pDmQH0nudjbg=",

     

       1044
       1044
       +
               "ref": "refs/heads/master",

     

       1045
       1045
       +
               "rev": "9200ee979f28fcf5b724768cc4042bf93f1f1c77",

     

       1046
       1046
       +
               "revCount": 1131,

     

       1047
       1047
       +
               "type": "git",

     

       1048
       1048
       +
               "url": "ssh://git@tangled.sh/tangled.sh/core"

     

       1049
       1049
       +
             },

     

       1050
       1050
       +
             "original": {

     

       1051
       1051
       +
               "type": "git",

     

       1052
       1052
       +
               "url": "ssh://git@tangled.sh/tangled.sh/core"

     

       877
       1053
        
             }

     

       878
       1054
        
           },

     

       879
       1055
        
           "telescope-nvim": {

flake.nix

···

       82
       82
        
               home-manager.follows = "home-manager";

     

       83
       83
        
             };

     

       84
       84
        
           };

     

       85
       85
       +
       

     

       86
       86
       +
           tangled = {

     

       87
       87
       +
             url = "git+ssh://git@tangled.sh/tangled.sh/core";

     

       88
       88
       +
             inputs.nixpkgs.follows = "nixpkgs";

     

       89
       89
       +
           };

     

       85
       90
        
         };

     

       86
       91
        
       

     

       87
       92
        
         outputs = inputs @ { self, ... }: let

     
···

       140
       145
        
             inherit overlays;

     

       141
       146
        
             system = "aarch64-linux";

     

       142
       147
        
             hostname = "ramune";

     

       148
       148
       +
             modules = [ inputs.tangled.nixosModules.knot ];

     

       143
       149
        
           };

     

       144
       150
        
       

     

       145
       151
        
           overlays = {

machines/ramune/configuration.nix

···

       52
       52
        
             tailscale.enable = true;

     

       53
       53
        
             caddy.enable = true;

     

       54
       54
        
             vaultwarden.enable = true;

     

       55
       55
       +
             tangled.enable = true;

     

       55
       56
        
           };

     

       56
       57
        
         };

     

       57
       58

+11

modules/server/caddy.nix

···

       5
       5
        
         cfg = config.modules.server;

     

       6
       6
        
       

     

       7
       7
        
         domain = config.networking.domain;

     

       8
       8
       +
         knotEnabled = cfg.tangled.enable;

     

       8
       9
        
         tailscaleEnabled = cfg.tailscale.enable;

     

       9
       10
        
         vaultwardenEnabled = cfg.vaultwarden.enable;

     

       10
       11
        
         jellyfinEnabled = cfg.jellyfin.enable;

     
···

       46
       47
        
           }

     

       47
       48
        
         '' else "";

     

       48
       49
        
       

     

       50
       50
       +
         knotConfig = if knotEnabled then ''

     

       51
       51
       +
           ${cfg.tangled.hostname} {

     

       52
       52
       +
             reverse_proxy localhost:5555

     

       53
       53
       +
           }

     

       54
       54
       +
         '' else "";

     

       55
       55
       +
       

     

       49
       56
        
         exposeConfig = let

     

       50
       57
        
           configs = attrsets.mapAttrsToList (name: root: ''

     

       51
       58
        
             handle_path /${name} {

     
···

       101
       108
        
               }

     

       102
       109
        
       

     

       103
       110
        
               ${tailscaleConfig}

     

       111
       111
       +
               ${knotConfig}

     

       104
       112
        
       

     

       105
       113
        
               :80 {

     

       106
       114
        
                 import network_paths

     
···

       111
       119
        
               }

     

       112
       120
        
             '';

     

       113
       121
        
           };

     

       122
       122
       +
       

     

       123
       123
       +
           networking.firewall.allowedTCPPorts = [ 80 443 ];

     

       124
       124
       +
           networking.firewall.allowedUDPPorts = [ 443 ];

     

       114
       125
        
         };

     

       115
       126
        
       }

modules/server/default.nix

···

       20
       20
        
           ./home-assistant.nix

     

       21
       21
        
           ./podman.nix

     

       22
       22
        
           ./macos.nix

     

       23
       23
       +
           ./tangled.nix

     

       23
       24
        
         ];

     

       24
       25
        
       }

modules/server/encrypt/tangled-knot-secret.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-ed25519 QwbpPw 33WczOs4JEiVVA8CzFii7hWMA+N2FxeMj0ya1JHim1A

     

       3
       3
       +
       kfxuJo5DLQJ0vZ6P3ubiadIb0nO3YFFdiMGsTCG00N4

     

       4
       4
       +
       --- M5dUQ19fOQdclRb1kt0DbAv8BrFMih+Uy2dlxskeVzg

     

       5
       5
       +
       �S*ɀ�!Q]�T�����^�C��-X��Tҕ�r�^��D�m�잫�aD��;k�t@��/��i����A��A��A@I���Ù�8�����E=^���>����B^۰�):�

+42

modules/server/tangled.nix

···

       1
       1
       +
       { lib, config, hostname, helpers, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       with lib;

     

       4
       4
       +
       let

     

       5
       5
       +
         address = config.modules.router.adress;

     

       6
       6
       +
         cfg = config.modules.server;

     

       7
       7
       +
       in helpers.linuxAttrs {

     

       8
       8
       +
         options.modules.server.tangled = {

     

       9
       9
       +
           enable = mkOption {

     

       10
       10
       +
             default = false;

     

       11
       11
       +
             example = true;

     

       12
       12
       +
             description = "Whether to enable Tangled Knot.";

     

       13
       13
       +
             type = types.bool;

     

       14
       14
       +
           };

     

       15
       15
       +
       

     

       16
       16
       +
           hostname = mkOption {

     

       17
       17
       +
             default = "knot.kitten.sh";

     

       18
       18
       +
             type = types.str;

     

       19
       19
       +
           };

     

       20
       20
       +
         };

     

       21
       21
       +
       

     

       22
       22
       +
         config = mkIf (cfg.enable && cfg.tangled.enable) {

     

       23
       23
       +
           age.secrets."tangled-knot" = let

     

       24
       24
       +
             inherit (config.services.tangled-knot) gitUser;

     

       25
       25
       +
           in {

     

       26
       26
       +
             file = ./encrypt/tangled-knot-secret.age;

     

       27
       27
       +
             owner = gitUser;

     

       28
       28
       +
             group = gitUser;

     

       29
       29
       +
             mode = "0440";

     

       30
       30
       +
           };

     

       31
       31
       +
       

     

       32
       32
       +
           services.tangled-knot = {

     

       33
       33
       +
             enable = true;

     

       34
       34
       +
             openFirewall = true;

     

       35
       35
       +
             server = {

     

       36
       36
       +
               hostname = cfg.tangled.hostname;

     

       37
       37
       +
               listenAddr = "127.0.0.1:5555";

     

       38
       38
       +
               secretFile = config.age.secrets."tangled-knot".path;

     

       39
       39
       +
             };

     

       40
       40
       +
           };

     

       41
       41
       +
         };

     

       42
       42
       +
       }

secrets.nix

···

       8
       8
        
       

     

       9
       9
        
         "./modules/server/encrypt/tailscale.age".publicKeys = keys;

     

       10
       10
        
         "./modules/server/encrypt/rclone.conf.age".publicKeys = keys;

     

       11
       11
       +
         "./modules/server/encrypt/tangled-knot-secret.age".publicKeys = keys;

     

       11
       12
        
       

     

       12
       13
        
         "./home/fonts/encrypt/DankMono-Regular.otf.age".publicKeys = keys;

     

       13
       14
        
         "./home/fonts/encrypt/DankMono-Bold.otf.age".publicKeys = keys;